Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-4555

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-04 Jan, 2013 | 22:00
Updated At-06 Aug, 2024 | 20:42
Rejected At-
Credits

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:04 Jan, 2013 | 22:00
Updated At:06 Aug, 2024 | 20:42
Rejected At:
▼CVE Numbering Authority (CNA)

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1027846
vdb-entry
x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2012-1550.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=869570
x_refsource_MISC
http://secunia.com/advisories/51482
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/56843
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id?1027846
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1550.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=869570
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/51482
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/56843
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1027846
vdb-entry
x_refsource_SECTRACK
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1550.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=869570
x_refsource_MISC
x_transferred
http://secunia.com/advisories/51482
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/56843
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id?1027846
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1550.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=869570
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/51482
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/56843
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:04 Jan, 2013 | 22:55
Updated At:11 Apr, 2025 | 00:51

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
Red Hat, Inc.
redhat
>>certificate_system>>Versions up to 8.1.1(inclusive)
cpe:2.3:a:redhat:certificate_system:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>certificate_system>>7.1
cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>certificate_system>>7.2
cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>certificate_system>>7.3
cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>certificate_system>>8
cpe:2.3:a:redhat:certificate_system:8:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>certificate_system>>8.0
cpe:2.3:a:redhat:certificate_system:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>certificate_system>>8.1
cpe:2.3:a:redhat:certificate_system:8.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2012-1550.htmlsecalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/51482secalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/56843secalert@redhat.com
N/A
http://www.securitytracker.com/id?1027846secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=869570secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1550.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/51482af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/56843af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1027846af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=869570af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1550.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/51482
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/56843
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027846
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=869570
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1550.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/51482
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/56843
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027846
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=869570
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

223Records found
CVE-2019-2626
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.21% / 43.14%
||
7 Day CHG-0.07%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle CorporationRed Hat, Inc.
Product-software_collectionsenterprise_linux_server_ausenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusmysqlMySQL Server
CVE-2012-2685
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-1.18% / 77.90%
||
7 Day CHG~0.00%
Published-28 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.

Action-Not Available
Vendor-trevor_mckayn/aRed Hat, Inc.
Product-cuminenterprise_mrgn/a
CVE-2012-1688
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.61% / 68.71%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

Action-Not Available
Vendor-n/aOracle CorporationMariaDB FoundationRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2012-1689
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.56% / 67.12%
||
7 Day CHG~0.00%
Published-17 Jul, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Action-Not Available
Vendor-n/aOracle CorporationMariaDB FoundationRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2012-1690
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.61% / 68.71%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

Action-Not Available
Vendor-n/aOracle CorporationMariaDB FoundationRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2019-2420
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 35.76%
||
7 Day CHG-0.34%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsoftware_collectionsenterprise_linux_server_ausenterprise_linuxstorage_automation_storeenterprise_linux_eusoncommand_workflow_automationenterprise_linux_server_tusoncommand_unified_managermysqlsnapcenterMySQL Server
CVE-2012-1734
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.89% / 74.54%
||
7 Day CHG~0.00%
Published-17 Jul, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Action-Not Available
Vendor-n/aOracle CorporationMariaDB FoundationRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2019-2455
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.86%
||
7 Day CHG-0.06%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-MariaDB FoundationNetApp, Inc.Red Hat, Inc.Oracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxsnapcentermariadbenterprise_linux_server_ausenterprise_linux_workstationactive_iq_unified_managerenterprise_linux_eusoncommand_workflow_automationenterprise_linux_server_tusenterprise_linux_desktopmysqloncommand_insightMySQL Server
CVE-2019-25014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.19%
||
7 Day CHG~0.00%
Published-29 Jan, 2021 | 06:00
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).

Action-Not Available
Vendor-istion/aRed Hat, Inc.
Product-istioopenshift_service_meshn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2012-1705
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.71% / 71.41%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle CorporationMariaDB Foundation
Product-enterprise_linux_desktopubuntu_linuxenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2012-0574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.74% / 71.89%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle CorporationMariaDB Foundation
Product-enterprise_linux_desktopubuntu_linuxenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2019-19337
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 67.01%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 16:18
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ceph_storageCeph Storage
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0572
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.74% / 71.92%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle CorporationMariaDB Foundation
Product-enterprise_linux_desktopubuntu_linuxenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2012-0540
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.56% / 67.12%
||
7 Day CHG~0.00%
Published-17 Jul, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

Action-Not Available
Vendor-n/aOracle CorporationMariaDB FoundationRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2013-2230
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.58% / 67.92%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-libvirtn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2511
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-2.83% / 85.66%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-libvirtn/a
CVE-2010-3701
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.62% / 69.25%
||
7 Day CHG~0.00%
Published-12 Oct, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_mrgn/a
CVE-2019-10153
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.49% / 64.56%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 22:10
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.

Action-Not Available
Vendor-clusterlabsClusterLabsRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationfence-agentsenterprise_linuxfence-agents
CWE ID-CWE-172
Encoding Error
CVE-2019-1002100
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-6.5||MEDIUM
EPSS-10.23% / 92.85%
||
7 Day CHG-0.25%
Published-01 Apr, 2019 | 14:14
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.

Action-Not Available
Vendor-Red Hat, Inc.Kubernetes
Product-kubernetesopenshift_container_platformKubernetes
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2015-5250
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.46% / 62.94%
||
7 Day CHG~0.00%
Published-08 Sep, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshift_originn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-5136
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.62% / 69.25%
||
7 Day CHG~0.00%
Published-11 Oct, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.

Action-Not Available
Vendor-condor_projectn/aRed Hat, Inc.
Product-condorenterprise_mrgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20699
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.13% / 33.10%
||
7 Day CHG~0.00%
Published-12 Jan, 2019 | 02:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.

Action-Not Available
Vendor-n/aRed Hat, Inc.Docker, Inc.
Product-enterprise_linux_serverenginen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-0078
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.62% / 69.05%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cloudforms_3.0_management_enginen/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found